如何解决加载嵌入式CSS和图像以供未经授权的用户访问时出现问题
我有在web.config文件的asp.net应用程序中托管的angularjs应用程序。我正在使用ADFS进行此应用程序中实现的身份验证和自定义授权。
angularjs应用程序具有文件夹:资源,其中包含所有静态内容,如css,js,img,字体。还有另一个文件夹错误,其中包含相应错误的html页面。 auth.html是位于错误文件夹中的页面。
在web.config文件级别,我有以下设置:
<location path="errors/auth.html">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
</location>
<location path="assets/css">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
<!-- Add Caching Support for contents within folder: assets-->
<system.webServer>
<!--Caching-->
<staticContent>
<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="365.00:00:00" />
</staticContent>
</system.webServer>
</location>
<location path="assets/fonts">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
<!-- Add Caching Support for contents within folder: assets-->
<system.webServer>
<!--Caching-->
<staticContent>
<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="365.00:00:00" />
</staticContent>
</system.webServer>
</location>
<location path="assets/img">
<system.web>
<authorization>
<allow users="?" />
</authorization>
</system.web>
<!-- Add Caching Support for contents within folder: assets-->
<system.webServer>
<!--Caching-->
<staticContent>
<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="365.00:00:00" />
</staticContent>
</system.webServer>
</location>
<location path="assets/js">
<!-- Add Caching Support for contents within folder: assets-->
<system.webServer>
<!--Caching-->
<staticContent>
<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="365.00:00:00" />
</staticContent>
</system.webServer>
</location>
我已将应用程序托管在IIS中:IIS版本:10.0.17763.1,在wwwroot文件夹中创建了文件夹名称testapp。
任何未经授权的用户尝试打开应用程序时,我都需要显示auth.html页面,其中包含未经授权的消息详细信息。
在与未经授权的用户进行验证时,我看到呈现的HTML页面没有CSS和图像。即使auth.html具有指向CSS和图像的链接,但它们并未呈现。
auth.html:
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Test Application</title>
<meta name="viewport" content="width=device-width,initial-scale=1">
<link rel="icon" type="image/x-icon" href="/assets/img/favicon.ico">
<!-- inject:css -->
<link rel="stylesheet" href="/assets/css/app.css">
<!-- endinject -->
</head>
<header id="main-header" class="navbar navbar-fixed-top error-page-header" role="navigation">
<div class="container-fluid">
<div class="navbar-header">
<div class="navbar-brand">
<img src="/assets/img/logo-test.svg" width="92">
</div>
</div>
<nav role="navigation">
<ul class="nav navbar-nav navbar-left">
<li>
<a>Test Application</a>
</li>
</ul>
<ul class="nav navbar-nav navbar-right">
</ul>
</nav>
</div>
</header>
<body>
<div class="error-page">
<h2> You are not authorized to access Test Application.</h2>
</div>
</body>
</html>
Global.asax.cs
protected void Application_PostAuthenticateRequest(object sender,EventArgs e)
{
if (Thread.CurrentPrincipal.Identity.IsAuthenticated && Thread.CurrentPrincipal is IClaimsPrincipal)
{
if (!((IClaimsPrincipal)Thread.CurrentPrincipal).Identities[0].Claims.Exists(c => c.ClaimType == "TestApp_UserAuthorized") || !Convert.ToBoolean(((IClaimsPrincipal)Thread.CurrentPrincipal).Identities[0].Claims.Single(c => c.ClaimType == "TestApp_UserAuthorized").Value))
{
//Avoid Redirection for static files (used in Access denied page)
List<string> staticcontentpaths = new List<string>{".css",".js",".png",".gif",".jpg",".jpeg",".ico",".svg",".woff",".ttf"};
string extension = Path.GetExtension(HttpContext.Current.Request.PhysicalPath).ToLower();
if (!staticcontentpaths.Contains(extension))
{
Server.Execute("~/errors/auth.html");
HttpContext.Current.ApplicationInstance.CompleteRequest();
}
}
}
}
任何人都可以通过提供指导来解决此问题来帮助我
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。